![](/screenshots/9917594c-8a05-405f-b955-ee9f4333aab5.png)
colegioanahuac.mx
Open in
urlscan Pro
72.29.77.180
Malicious Activity!
Public Scan
Submission: On June 03 via automatic, source openphish
Summary
This is the only time colegioanahuac.mx was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: eBay (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 72.29.77.180 72.29.77.180 | 33182 (DIMENOC) (DIMENOC - HostDime.com) | |
10 | 2.18.234.107 2.18.234.107 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 1 | 66.135.195.83 66.135.195.83 | 11643 (EBAY) (EBAY - eBay) | |
1 | 2.18.233.20 2.18.233.20 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 23.67.135.182 23.67.135.182 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 66.135.211.22 66.135.211.22 | 11643 (EBAY) (EBAY - eBay) | |
1 1 | 66.211.185.47 66.211.185.47 | 11643 (EBAY) (EBAY - eBay) | |
1 2 | 176.120.18.70 176.120.18.70 | 198911 (BML-AS) (BML-AS) | |
1 | 2.18.233.21 2.18.233.21 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
18 | 8 |
ASN33182 (DIMENOC - HostDime.com, Inc., US)
PTR: smx5.hostdime.com.mx
colegioanahuac.mx |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-234-107.deploy.static.akamaitechnologies.com
secureir.ebaystatic.com | |
rover.ebay.de | |
securepics.ebaystatic.com | |
www.ebay.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-20.deploy.static.akamaitechnologies.com
www.paypalobjects.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-135-182.deploy.static.akamaitechnologies.com
signin.ebay.de |
ASN11643 (EBAY - eBay, Inc, US)
PTR: signin.ebay.com
signin.ebay.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-21.deploy.static.akamaitechnologies.com
c.paypal.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ebaystatic.com
secureir.ebaystatic.com securepics.ebaystatic.com |
96 KB |
3 |
paypal.com
1 redirects
b.stats.paypal.com dub.stats.paypal.com c.paypal.com |
1 KB |
3 |
ebay.com
2 redirects
rover.ebay.com b.stats.ebay.com Failed 586a5c14962lezvo.stats.ebay.com Failed signin.ebay.com www.ebay.com |
2 KB |
2 |
ebay.de
rover.ebay.de signin.ebay.de |
482 B |
1 |
ebayrtm.com
srv.de.ebayrtm.com |
446 B |
1 |
paypalobjects.com
www.paypalobjects.com |
17 KB |
1 |
colegioanahuac.mx
colegioanahuac.mx |
54 KB |
18 | 7 |
Domain | Requested by | |
---|---|---|
6 | secureir.ebaystatic.com |
colegioanahuac.mx
|
2 | securepics.ebaystatic.com |
colegioanahuac.mx
|
1 | c.paypal.com |
www.paypalobjects.com
|
1 | dub.stats.paypal.com |
colegioanahuac.mx
|
1 | b.stats.paypal.com | 1 redirects |
1 | www.ebay.com |
colegioanahuac.mx
|
1 | signin.ebay.com | 1 redirects |
1 | srv.de.ebayrtm.com |
colegioanahuac.mx
|
1 | signin.ebay.de |
colegioanahuac.mx
|
1 | www.paypalobjects.com |
colegioanahuac.mx
|
1 | rover.ebay.de |
colegioanahuac.mx
|
1 | rover.ebay.com | 1 redirects |
1 | colegioanahuac.mx | |
0 | 586a5c14962lezvo.stats.ebay.com Failed |
colegioanahuac.mx
|
0 | b.stats.ebay.com Failed |
colegioanahuac.mx
|
18 | 15 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ebay.de |
scgi.ebay.de |
qu.ebay.de |
pages.ebay.de |
seal.verisign.com |
www.verisign.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
signin.ebay.com DigiCert SHA2 Secure Server CA |
2018-04-26 - 2019-04-27 |
a year | crt.sh |
www.paypal.com Symantec Class 3 EV SSL CA - G3 |
2017-09-22 - 2019-10-30 |
2 years | crt.sh |
This page contains 6 frames:
Primary Page:
http://colegioanahuac.mx/quintob/dieta/images/up.html
Frame ID: 8533E87E5EACA14772F25B2D8158E9F0
Requests: 13 HTTP requests in this frame
Frame:
https://www.paypalobjects.com/webstatic/r/fb/fb-all-prod.akamai.pp.min.js
Frame ID: 0E01DA649BD9FCA257F96A751F0082DA
Requests: 1 HTTP requests in this frame
Frame:
https://signin.ebay.de/t_n.html?org_id=usllpic0&session_id=62586a6c1490a604a4639ae3ffee0df4
Frame ID: ED83FF1F40307697B915F5BDF40FF415
Requests: 1 HTTP requests in this frame
Frame:
https://srv.de.ebayrtm.com/rtm?RtmGetCapJs&p=18&rqid=62586a6c1490a604a46238b2ffe7689d&cb=parent.window.updateRtmField
Frame ID: 0655495579D65426644AD474C1990E18
Requests: 1 HTTP requests in this frame
Frame:
https://dub.stats.paypal.com/counter2.cgi
Frame ID: 3B189381710D693A99BCC94205F33DB9
Requests: 1 HTTP requests in this frame
Frame:
https://c.paypal.com/v1/r/d/i?js_src=https://www.paypalobjects.com/webstatic/r/fb/fb-all-prod.akamai.pp.min.js
Frame ID: 55C8F3A3BF5944F30C595074608BAF1D
Requests: 1 HTTP requests in this frame
8 Outgoing links
These are links going to different origins than the main page.
Title: eBay
Search URL Search Domain Scan URL
Title: Sie haben Ihr Passwort vergessen
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: eBay-AGB
Search URL Search Domain Scan URL
Title: Datenschutzerkl�rung
Search URL Search Domain Scan URL
Title: Cookies
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Zum Thema SSL-Zertifikate
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://rover.ebay.com/roversync/?site=77&stg=1&mpt=1414694201964 HTTP 301
- https://rover.ebay.de/roversync/?site=77&stg=1&cguid=c46599e61630a9c118d51d1cf9f76939&mpt=1528008382950
- https://signin.ebay.com/ws/eBayISAPI.dll?SignInAuthRedirect&guid=true&isV4=true&ct=AQAAAUlO5vGbAAU3RXhCWHQrZzhFdGZsVHhxQXJBOEhmdHNqeXlJNmhKQlR1UFhFU1JNNGRjPYom%2FKdZawSCiywTZ99cF4jNndxh HTTP 302
- https://www.ebay.com/ws/eBayISAPI.dll?SignInAuthRedirect&guid=true&isV4=true&ct=AQAAAUlO5vGbAAU3RXhCWHQrZzhFdGZsVHhxQXJBOEhmdHNqeXlJNmhKQlR1UFhFU1JNNGRjPYom%2FKdZawSCiywTZ99cF4jNndxh
- https://b.stats.paypal.com/v1/counter.cgi?r=cD02MjU4NTljODE0OTBhNTZjZDYzMTg1ZTJmZmZkOGU2YSZpPTg2LjEyNi4xMjQuODgmdD0xNDE0Njk0MjAxJmE9MjB8RJs43LtT_IwOMUtbSVsiKUY9bw== HTTP 302
- https://dub.stats.paypal.com/counter2.cgi
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
up.html
colegioanahuac.mx/quintob/dieta/images/ |
53 KB 54 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
xiqygkjz2qyibmxshntsverhaeq.png
secureir.ebaystatic.com/rs/v/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
rover.ebay.de/roversync/ Redirect Chain
|
42 B 482 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
eBayISAPI.dll
b.stats.ebay.com/ws/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
eBayISAPI.dll
586a5c14962lezvo.stats.ebay.com/ws/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
imgbg.jpg
securepics.ebaystatic.com/aw/pics/cmp/ds3/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
fb-all-prod.akamai.pp.min.js
www.paypalobjects.com/webstatic/r/fb/ Frame 0E01 |
48 KB 17 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t_n.html
signin.ebay.de/ Frame ED83 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
seal.gif
secureir.ebaystatic.com/pictures/aw/pics/globalHeader/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
r32gctn0fu3vjkpge2mjhij3q.js
secureir.ebaystatic.com/v4js/z/i5/ |
102 KB 31 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
wlt1m5gqge0wpkzj3qjrocjp4uv.js
secureir.ebaystatic.com/rs/v/ |
31 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
341wgvdjgy2abb1qzf3cxflzf.js
secureir.ebaystatic.com/v4js/z/eu/ |
6 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rtm
srv.de.ebayrtm.com/ Frame 0655 |
9 B 446 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
zwab4ilpra3mdez1m5n553vkc.js
secureir.ebaystatic.com/v4js/z/yq/ |
76 KB 24 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
sprSignIn2.png
securepics.ebaystatic.com/aw/pics/de/signin/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
eBayISAPI.dll
www.ebay.com/ws/ Redirect Chain
|
162 B 716 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
counter2.cgi
dub.stats.paypal.com/ Frame 3B18 Redirect Chain
|
42 B 494 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
i
c.paypal.com/v1/r/d/ Frame 55C8 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- b.stats.ebay.com
- URL
- https://b.stats.ebay.com/ws/eBayISAPI.dll?V4AppCounter&r=n2S4GT4TyOQ-Y5HK6WYu2uLiiiVAYugZR_MVWNntp8DVIz-mwJxhZFaqie-L6Bg4MLpaZCcRNfhPSFioc4syZMviLOwc7kKIK0Q1ycc3qxoxQjzE8_2Z8gqGKTjT8GdzmnbreA**&seq=1
- Domain
- 586a5c14962lezvo.stats.ebay.com
- URL
- https://586a5c14962lezvo.stats.ebay.com/ws/eBayISAPI.dll?V4AppCounter&r=n2S4GT4TyOQ-Y5HK6WYu2uLiiiVAYugZR_MVWNntp8DVIz-mwJxhZFaqie-L6Bg4MLpaZCcRNfhPSFioc4syZMviLOwc7kKIK0Q1ycc3qxoxQjzE8_2Z8gqGKTjT8GdzmnbreA**&seq=2
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: eBay (E-commerce)82 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| corId string| srcId string| bUrl string| paypalJs undefined| dom object| doc object| where object| iframe string| rtmAsyncURL function| updateRtmField string| pageID string| pageName object| vjo string| clz function| ed boolean| _GlobalNavHeaderUtf8Encoding string| includeHost object| _oGlobalNavRTMInfo boolean| _GlobalNavHeaderStatic boolean| _GlobalNavHeaderCookieTracking object| GH object| GH_config number| svrGMT object| deconcept function| getQueryParamValue function| FlashObject function| SWFObject function| _a2 function| _b2 function| _c2 function| _d2 function| _e2 function| _f2 function| _g2 function| _h2 function| _i2 function| _j2 function| _k2 function| _l2 function| _m2 function| _n2 function| _o2 function| _p2 function| _q2 function| _r2 function| _s2 undefined| AO_timer_resize undefined| AO_timer_scroll function| _t2 function| _u2 function| _v2 function| _w2 function| _x2 function| _y2 function| _z2 function| _ba2 function| _bb2 function| _bc2 function| _bd2 function| _be2 function| _bf2 function| _bg2 function| _bh2 function| _bi2 function| _bj2 function| _bk2 function| _bl2 function| _bm2 function| _bn2 function| _bo2 function| _bp2 function| _bq2 function| _br2 function| _bs2 function| _bt2 function| _bu2 function| setVariable string| cId object| AO_globals boolean| webkit object| html_storage object| PFB_47325 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.paypal.com/ | Name: X-PP-SILOVER Value: name%3DLIVE3.APIC.1%26silo_version%3D880%26app%3Driskclientmetadatapiserv_apic%26TIME%3D3196982107%26HTTP_X_PP_AZ_LOCATOR%3Ddcg01.phx |
|
.paypal.com/ | Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK Value: NhryQoin76kFd3GE4gavjOZsf6uny_iPw82L1mto4vn1QASllExDhjcqKpmBa-HsRqdgjMLYyO23HKYd |
|
.c.paypal.com/ | Name: sc_f Value: WshvSTNHm7QBsMYI64uddmmB0NI_UoOFcCkGnvS1-JvxdTvFhXLS6sfhSM6AZyibCi-5ldFk_asHe-R5PmXTKD-5MM96xmwDhdWmg0 |
|
c.paypal.com/ | Name: PP-Corr-Id Value: EBAY_SIGNIN:625859c81490a56cd63185e2fffd8e6a |
|
.ebay.de/ | Name: npii Value: btguid/c4659aa31630a993e0930ab7f9fd7c3e5cf4c23f^cguid/c46599e61630a9c118d51d1cf9f769395cf4c23f^ |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
586a5c14962lezvo.stats.ebay.com
b.stats.ebay.com
b.stats.paypal.com
c.paypal.com
colegioanahuac.mx
dub.stats.paypal.com
rover.ebay.com
rover.ebay.de
secureir.ebaystatic.com
securepics.ebaystatic.com
signin.ebay.com
signin.ebay.de
srv.de.ebayrtm.com
www.ebay.com
www.paypalobjects.com
586a5c14962lezvo.stats.ebay.com
b.stats.ebay.com
176.120.18.70
2.18.233.20
2.18.233.21
2.18.234.107
23.67.135.182
66.135.195.83
66.135.211.22
66.211.185.47
72.29.77.180
116f9313e1d61163990a6ac705181bbcf1ca01c93176f49fa502bf505dbac109
23d84e14483490b839406c89c58debb5be02b92a6ec3b80247d16bb552bdc68f
2f5bc1f44198193569326ab9c452a74092b7ca602ae7b4152858a047ff5d7416
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
5440e48584e47738479ccd905576e9ddf2097d07b6c7ba81dda6eeb13b1d4af0
5c07f2e467dc73f47ee4ad939e899c1e27e59c669235ce2b449e22bf47ea2b32
67bcd2d2d17a769df440dcb9d89aad4e58d015691ce201eafcdd9b7116d71898
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
8a7b0ef0042a25ed17ab7aa1294d453ed4072ce3146368cbe8d78f4b17e73817
8e27b0403bf1062e5c8df7f76bb053bac530db88e86a3f5b99930b4dc78c69d1
9088173db5a37e3a5b4d9e25cdd7d10505217415bf10cb6ddc2ccce74728d5d7
9329e47d8f7f88e1b452b8520dbe8187523f2e109a98601376bb000e7806f418
b054c21c769e6e73a3f3f2e51ff27783043d87f8c4cb963c0554b33010fa3efc
d9c9cf360a34a7a8a0e831a70e7edd079e4cea3ce9c2c99f60c7c48c42c9e200